查找ntdll.dll成功后，为什么Native API不成功。

//在访问下面其中一句时，机器重启。
PVOID WatchDevice::FindFunc(PVOID Base,PCSTR Name)
{
PIMAGE_DOS_HEADER dos =PIMAGE_DOS_HEADER(Base);
PIMAGE_NT_HEADERS nt =PIMAGE_NT_HEADERS(PCHAR(Base)+dos->e_lfanew);
PIMAGE_DATA_DIRECTORY expdir=nt->OptionalHeader.DataDirectory
+IMAGE_DIRECTORY_ENTRY_EXPORT;
ULONG size =expdir->Size;
ULONG addr =expdir->VirtualAddress;
PIMAGE_EXPORT_DIRECTORY
exports=PIMAGE_EXPORT_DIRECTORY(PCHAR(Base)+addr);
PULONG functions =PULONG(PCHAR(Base)+exports->AddressOfFunctions);
PSHORT ordinals =PSHORT(PCHAR(Base)+exports->AddressOfNameOrdinals);
PULONG names =PULONG(PCHAR(Base)+exports->AddressOfNames);
PVOID func =0;
ULONG ord = 0;
for (ULONG i =0;i< exports->NumberOfNames;i++)
{
ord = ordinals [i ];
if (functions[ord]<addr || functions[ord] >=addr + size)//这一句重启
{

if (_stricmp(PSTR(PCHAR(Base)+names),Name)==0)
func =PCHAR(Base)+functions[ord];
}
}
return func;
}

希望高手解释，并帮助解决这个问题。


[编辑 -  7/13/04 by  wwwllg]